SigningHelper Utility
SigningHelper utility
The SigningHelper utility is used to sign and verify strings within the mapping rule. This utility supports the following algorithms:
- RSA256
- RSA384
- RSA512
- PS256
- PS384
- PS512
Example of usage:
importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.SignHelper);
var signingString = "The SigningHelper utility is used to sign and verify strings within the mapping rule. This utility supports the following algorithms."
var signedString = StringSigningHelper.sign(signingString, "keystore", "privatekey", "PS512")
var result = StringSigningHelper.verify(signingString, signedString, "keystore", "certificate", "PS512");
if(result == true){
IDMappingExtUtils.traceString("Verification successful");
}
else{
IDMappingExtUtils.traceString("Verification failed");
}
1. SigningHelper sign
sign(stringtobesigned, keystore, privatekeylabel, algorithm)
| Parameter | Description |
|---|---|
| stringtobesigned | The string that needs to be signed |
| keystore | A keystore reference to the set of defined keystores in the configuration, throws an error if the keystore does not exist |
| privatekeylabel | A private key label reference within the defined keystore in the configuration throws an error if the reference does not exist |
| algorithm | Signature algorithm |
The sign method returns the signed string as a result. It returns a JSON object with the error if it fails.
2. SigningHelper verify
verify(stringtobesigned, signature, keystore, certificatelabel, algorithm)
| Parameter | Description |
|---|---|
| stringtobesigned | The string to be verified |
| signature | Signature |
| keystore | A keystore reference to the set of defined keystores in the configuration, throws an error if the keystore does not exist |
| certificatelabel | A certificate label reference within the defined keystore in the configuration throws an error if the reference does not exist |
| algorithm | Signature algorithm |
The verify method returns a Boolean if verification succeeds. It returns a JSON object with the error in case of failure.
Hash Utility
The calculateHash utility is used to calculate the hash of an input based on an algorithm. This utility supports the following algorithms:
- SHA256
- SHA512
1. calculateHash
calculateHash(input, algorithm)
| Parameter | Description |
|---|---|
| input | The string that needs to be hashed |
| algorithm | The algorithm that is to be used for hashing |
The calculateHash method returns a base64 encoded hashed string with padding.
Example of usage:
importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.SignHelper);
resultSHA256 = StringSigningHelper.calculateHash("testuser123","SHA256")
IDMappingExtUtils.traceString("resultSHA256:"+resultSHA256);
2. calculatePBKDF2Hash
PBKDF2 stands for Password-Based Key Derivation Function 2. It enhances the security of hashed passwords in two significant ways: by using salts and by applying many iterations to the hashing process.
calculatePBKDF2Hash(input, salt, iter, keylength, alg)
| Parameter | Description | Type |
|---|---|---|
| input | The string to be hashed | string |
| salt | Salt is random data that is fed as extra input to a one-way function that hashes data as a Base64-encoded padded string | string |
| iter | Is the number of iterations wanted | integer |
| keylength | The required bit-length of the derived key | integer |
| algorithm | The psuedo random function used as a building block for PBKDF2 | string |
The calculatePBKDF2Hash method returns a Base64-encoded hashed string with padding.
Example of usage:
importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.SignHelper);
let salt = "ABdUrieTXpJS8/Sc9ttjXA=="
let iter = 27500
let keylength = 32
let alg = "SHA256"
let providedPassword = "Passw0rd"
result = StringSigningHelper.calculatePBKDF2Hash(providedPassword, salt, iter, keylength,alg)
var calculatePBKDF2Hash = {"calculatePBKDF2Hash": result};
Updated 3 months ago